Qweth Posted March 29, 2015 ID:951474

Yeah, so I am having a problem, maybe with a MsMpEng process. svchost is getting in on the action also... I clicked OK on one of the web's nefarious pop-up thingies; who knows what that might have done. Also, I always feel like I am losing performance somewhere. Everything runs faster for 10 min after a format-type thing. So I have a couple of logs here; I would appreciate someone giving them a once-over to see if something may be amiss. Here is the DDS. I have never used this before.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.45.2
Run by Bob at 1:50:50 on 2015-03-29
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3326.1816 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\MacroRecorder\MacroLauncher.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.241\deploy\LoLLauncher.exe
C:\Program Files\League of Legends\RADS\projects\lol_patcher\releases\0.0.0.25\deploy\LoLPatcher.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.136\deploy\LolClient.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - c:\program files\classic shell\ClassicExplorer32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - c:\program files\logitech\setpointp\SetPointSmooth.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - c:\program files\classic shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - c:\program files\classic shell\ClassicExplorer32.dll
uRun: [DellSystemDetect] c:\users\bob\appdata\roaming\microsoft\windows\start menu\programs\dell\Dell System Detect.appref-ms
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\x86\CLIStart.exe" MSRun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [Classic Start Menu] c:\program files\classic shell\ClassicStartMenu.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - c:\program files\classic shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
Trusted Zone: dell.com
TCP: NameServer = 192.168.2.1 66.182.71.3 63.248.56.99
TCP: Interfaces\{79AE6B05-CCA4-436D-B023-0BA638BD3935} : DHCPNameServer = 192.168.2.1 66.182.71.3 63.248.56.99
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\41.0.2272.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bob\appdata\roaming\mozilla\firefox\profiles\lmfzicta.default\
FF - plugin: c:\program files\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R1 {5eeb83d0-96ea-4249-942c-beead6847053}w;{5eeb83d0-96ea-4249-942c-beead6847053}w;c:\windows\system32\drivers\{5eeb83d0-96ea-4249-942c-beead6847053}w.sys [2014-8-29 52376]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2013-12-6 209408]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-9-27 104768]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2013-9-24 77312]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2014-3-18 42264]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2014-3-18 10136]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2015-1-2 315488]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-3-14 108032]
S3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\netr28u.sys [2010-2-12 844064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-12-28 14848]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-12-28 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-12-28 1343400]
.
=============== Created Last 30 ================
.
2015-03-29 07:34:20 9119072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8ee36eb9-0362-4037-93d6-4c82c273406f}\mpengine.dll
2015-03-28 09:38:35 -------- d-----w- c:\users\bob\appdata\local\Steam
2015-03-28 02:48:04 9119072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2015-03-26 02:42:58 908832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{518b5bf8-3fbf-4725-9a29-74ddd544e273}\gapaengine.dll
2015-03-20 06:45:47 -------- d-----w- c:\program files\Classic Shell
2015-03-19 05:35:20 -------- d-----w- C:\Downloads
2015-03-19 05:23:48 -------- d-----w- c:\users\bob\appdata\roaming\Free Download Manager
2015-03-19 04:04:17 -------- d-----w- c:\program files\Free Download Manager
.
==================== Find3M ====================
.
2015-03-03 13:16:52 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-05 04:12:34 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 04:12:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-01-03 12:10:41 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2015-01-03 11:48:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
============= FINISH: 1:52:13.36 ===============

And here is a HijackThis log. I have used this for a while, but it hasn't shown anything for a while, it seems.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:41:52 AM, on 3/29/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16521)
FIREFOX: 34.0.5 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\Users\Bob\AppData\Local\Apps\2.0\Y51J908B.NDL\4TVYEGPX.XY9\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\MacroRecorder\MacroLauncher.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Steam\bin\steamwebhelper.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\explorer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bob\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe
O4 - HKCU\..\Run: [DellSystemDetect] C:\Users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] "C:\Users\Bob\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe" /cmdloc "HKCU\Software\Riot Games AiTemp\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{097F4830-7E43-4ECD-BD3F-555F1C764EF9}: NameServer = 8.8.8.8
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 7067 bytes

I hope I am not out of line, wrong forum or anything. Thanks for any help.

Bob

DDS.txt hijackthis.log
gtyhfy Posted March 29, 2015 ID:951481

Hi Bob,

It is not permitted to work on possible malware-related issues here in this section of the forum. Please read through and follow the advice in this pinned topic: Available Assistance For Possibly Infected Computers. Please be patient; a malware analyst will assist you with looking into your issue after you provide the required information.

Thanks,
Qweth Posted March 29, 2015 Author ID:951483

OK, is there a way for me to move this post myself, or do I copy/paste and then you remove it from here?
Qweth Posted March 29, 2015 Author ID:951485

Never mind, I guess I just need to X this post! You promise, though, that your programs aren't whack? Meh, my stuff is pretty whacked already. OK, so thanks, people. Have a good one.